
Advisories MDVSA-2010:071: mozilla-thunderbird


paul

Multiple vulnerabilities have been found and corrected in mozilla-thunderbird:

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689).

Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072).

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075).

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability (CVE-2009-3077).

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983).

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163).

This update provides the latest version of Thunderbird, which is not vulnerable to these issues.

Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

Additionally, some packages that require it have been rebuilt and are being provided as updates.
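
The right-to-left override issue described above (CVE-2009-3376) can be checked for on the defensive side by comparing the extension a filename is stored with against the extension a user would see. The following is an added example, not code from the advisory or from Mozilla; all function names and the sample filenames are assumptions constructed for illustration, and the rendering model is a simplification of the Unicode bidirectional algorithm that handles only RLO/PDF overrides.

```python
# Added example: flag filenames whose displayed extension differs from the
# stored one because of bidirectional control characters such as U+202E.
BIDI = {"\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
        "\u202e": "RLO", "\u200e": "LRM", "\u200f": "RLM",
        "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI"}
RLO, PDF = "\u202e", "\u202c"

def extension(text):
    """Text after the last dot, lowercased; empty if there is no extension."""
    stem, dot, ext = text.rpartition(".")
    return ext.lower() if dot and stem else ""

def displayed_form(name):
    """Approximate rendering in a left-to-right context: text under an RLO
    override is shown reversed until the matching PDF or the end of the name.
    Other bidi controls are only treated as invisible (simplification)."""
    out, run, depth = [], [], 0
    for ch in name:
        if ch == RLO:
            depth += 1
        elif ch == PDF and depth:
            depth -= 1
            if depth == 0:
                out.extend(reversed(run))
                run = []
        elif ch not in BIDI:
            (run if depth else out).append(ch)
    out.extend(reversed(run))  # an unterminated override runs to the end
    return "".join(out)

def inspect_filename(name):
    """Report bidi controls and whether they change the visible extension."""
    controls = [(i, BIDI[ch]) for i, ch in enumerate(name) if ch in BIDI]
    stripped = "".join(ch for ch in name if ch not in BIDI)
    real, shown = extension(stripped), extension(displayed_form(name))
    return {"controls": controls, "real_ext": real, "shown_ext": shown,
            "spoofed": bool(controls) and real != shown}

# Constructed sample names, not taken from the advisory.
SAMPLES = ["report.pdf", "invoice\u202efdp.exe", "photo\u202egpj\u202c.scr"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect_filename(sample))
```

The third sample contains override characters but still shows its true extension, so it is reported with controls present and `spoofed` false; a stricter policy can reject any name with a non-empty `controls` list.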
